Before you can use Secure Fields in your web checkout we will need to create a checkout session.

Install a server-side SDK

Use the package manager in your preferred programming language to install our server-side SDK. Token generation can only be done server side and we do not recommend doing this client side as it will expose your API key to your customers.

npm install @gr4vy/node --save
# or: yarn add @gr4vy/node

Initialize the SDK client

Next, initialize the SDK with the ID of your instance and the private key.

const fs = require("fs");
const { Client } = require("@gr4vy/node");
// or: import { Client } from "@gr4vy/node";

const key = String(fs.readFileSync("./private_key.pem"));

const client = new Client({
  gr4vyId: "[GR4VY_ID]",
  privateKey: key,

The Gr4vy ID is the unique identifier for your instance. Together with the environment (sandbox or production) it is used to connect to the right APIs.

This assumes the key you created in the previous step is kept in a file called private_key.pem that is kept in the same folder next to the code. You could store this key in an environment variable or a secure vault.

Generate a checkout session

The final step is to create a new checkout session for use by Secure Fields.

const response = await client.addCheckoutSession();
const sessionId =;

The id if this session can now be passed to your checkout page, where it can be used by Secure Fields.


In this step you:

  • Installed the SDK
  • Created a new checkout session.
  • Passed the id if this session your front-end application, where it will be used by Secure Fields.